Re: [Chicken-users] Can anyone help test my Chicken-based web site?

[Matt Gushee]

Hi, Jules--

On Mon, Mar 11, 2013 at 9:06 PM, J Altfas <address@hidden> wrote:

Sounds interesting, certainly I'd be willing to help test it out, but of course, not sure exactly what sort of help you're looking for.

I thought I was pretty clear, but if not: I would like help in finding out if my web application has any vulnerabilities to attack related to its use of Chicken Scheme and ... certain eggs. I'm not going to say up front which ones (though if you've seen my recent posts to this lists you might guess, correctly, that I'm using Ersatz templates), because I want to know how much it is possible for a would-be cracker to find out. Not much, I am inclined to think ... but then I don't have that devious & paranoid mindset. I could never be a security consultant.

I will say (since you can find out from the HTTP headers anyway), that I am not using a Chicken-based server; what I have is a Chicken application running behind Nginx.

Anyway, I was hoping somebody who is good at that kind of thing could poke around and see what damage they can do to my site--within certain limits, of course: while I'm sure a malicious person could find a way to physically crash the server my site is running on, I don't think my hosting company would appreciate someone doing that as part of a testing protocol.

And again, if anyone cares to volunteer for this task, I'd like to set a specific time frame to ensure that I will be available to fix whatever gets broken.

Anyway, I regard Scheme is a great language for web programming!

At "webserv.bmedctr.com", you'll find a page describing my Scheme webserver--and its complete source code is available for download.

Hmm, seems like a cool project. Thanks for the link!

--

Matt Gushee